Take control of your security posture and compliance mandates with a comprehensive set of controls that visualize, analyze, and prioritize in real-time the detection and response of targeted attacks, data breaches, and compliance drift. By integrating CimTrak integrity assurance data into the LogRhythm’s NextGen SIEM, you can assess, investigate, and remediate unknown, unwanted, or unexpected activity across your entire enterprise, mitigating and eliminating enormous risk variables.
Through this joint integration effort, LogRhythm effectively aggregates integrity data into its SIEM enabling it to identify things such as zero-day breach activity, which can then be manually or automatically rolled back to a previous trusted state of operation.
CimTrak features that enrich LogRhythm data for incident prevention and response, forensics, and regulatory compliance include:
Measure Mean-Time-To-Restore (MTTR) and Mean-Time-To-Contain (MTTC) to a correct and operational state in seconds.
Prevent changes entirely for those files and directories that should never change, avoiding the start of a breach or problem.
Continuous and non-disruptive compliance validation and verification with simple remediation guidance and integrated process workflow for failed systems.
Historical evidence of all change activity securely preserved for recovering, identifying, and analyzing the who, what, where, when, how, and why.
Analyze and evaluate real-time security decisions and vulnerability risks with threat intelligence feeds (STIX/TAXII) and file reputation services.
Built-in ticketing system to enable workflow automation and control, as well as serving as the point of bi-directional integration with ITSM tools.
Validate the integrity of infrastructure by detecting state changes against trusted baselines, CIS benchmarks and numerous other integrity attributes.
Data that gets loaded into the SIEM is what gives it value. There are a lot of bad data sources, and most data cannot easily be classified in a binary way as good or bad.
CimTrak is BINARY. CimTrak’s data provides clear context of unwanted, unexpected, and unauthorized activity throughout your enterprise.
SIEMs can be associated with “noise.” Alert fatigue has become a major problem for organizations with SIEMs that receive an average of 17,000 malware alerts per week.
CimTrak provides precise and actionable data when integrity and compliance drift occur throughout your infrastructure. This unique ability reduces change noise by as much as 95%, leaving concise details of unknown, unwanted, and unexpected activity.
Integrity and compliance drift is certain to occur through additions, modifications, and deletions of data throughout the lifecycle of its operation.
CimTrak can provide roll-back and remediation. Whether a service has failed or a security event or breach has occurred, CimTrak can roll back to any number of trusted, operational states, since it stores the necessary files in compressed and encrypted form.
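The baseline comparison and roll-back described above, as an added illustration that is not CimTrak's or LogRhythm's code. The paths, file contents, the LOCKED set of never-change paths, and the CHURN set of routine-change paths are all constructed assumptions; a real deployment would compare hashes captured from the host against a protected baseline store.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed example data (path -> content); a real baseline holds hashes and
# protected copies captured from the host, not these made-up values.
BASELINE: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/usr/bin/sudo": b"<sudo binary v1>",
    "/var/log/app.log": b"2024-01-01 started\n",
}
SNAPSHOT: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",  # modified
    "/usr/bin/sudo": b"<sudo binary v1>",                # unchanged
    "/opt/.cache/x": b"<unexpected file>",              # added
    # "/var/log/app.log" is absent from the snapshot: deleted
}
LOCKED = {"/etc/ssh/sshd_config", "/usr/bin/sudo"}  # assumed: must never change
CHURN = {"/var/log/app.log"}  # assumed: routine modification is not an alert

Event = Tuple[str, str, str]  # (kind, path, severity)

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def detect_drift(baseline: Dict[str, bytes], snapshot: Dict[str, bytes]) -> List[Event]:
    """Classify each path as added/modified/deleted relative to the trusted baseline."""
    base = {p: digest(c) for p, c in baseline.items()}
    cur = {p: digest(c) for p, c in snapshot.items()}
    events: List[Event] = []
    for path in sorted(set(base) | set(cur)):
        if path not in cur:
            kind = "deleted"
        elif path not in base:
            kind = "added"
        elif base[path] != cur[path]:
            kind = "modified"
        else:
            continue  # hash matches the baseline: no drift on this path
        if kind == "modified" and path in CHURN:
            continue  # expected churn is suppressed; adds and deletes still surface
        events.append((kind, path, "high" if path in LOCKED else "medium"))
    return events

def rollback(baseline: Dict[str, bytes], snapshot: Dict[str, bytes],
             events: List[Event]) -> Dict[str, bytes]:
    """Restore locked paths that drifted, using the protected baseline copy."""
    restored = dict(snapshot)
    for kind, path, _ in events:
        if path in LOCKED and kind in ("modified", "deleted"):
            restored[path] = baseline[path]
    return restored
```

Running detect_drift over the constructed snapshot yields one high-severity modification, one medium addition, and one medium deletion; after rollback only the unexpected addition and the log deletion remain for an analyst to review.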
With so many frameworks and best practices, many often ask which is best and for what reasons. Almost all of them are very detailed, exhaustive, and descriptive, telling you “what needs to be done.” However, only one is prescriptive in nature. The CIS Controls not only tell you “what needs to be done,” but also tell you in what order they need to be considered when implementing an effective security framework.
The majority of security incidents occur when basic controls are lacking or are poorly implemented. The first six CIS Critical Security Controls have been assessed as preventing up to 90% of pervasive and dangerous cyberattacks. This supporting statement is included in John Gilligan’s (CEO of the Center for Internet Security) testimony to the United States Senate, Permanent Subcommittee on Investigations, Homeland Security & Government Affairs Committee, on Private Sector Data Breaches, Thursday, March 7, 2019.